maybe chmod 0644 'apparmor.d/local/usr.bin.freshclam'
maybe chmod 0644 'apparmor.d/local/usr.sbin.clamd'
maybe chmod 0644 'apparmor.d/local/usr.sbin.haveged'
+maybe chmod 0644 'apparmor.d/local/usr.sbin.named'
maybe chmod 0644 'apparmor.d/usr.bin.freshclam'
maybe chmod 0644 'apparmor.d/usr.sbin.clamd'
maybe chmod 0644 'apparmor.d/usr.sbin.haveged'
maybe chmod 0644 'apparmor.d/usr.sbin.mysqld'
+maybe chmod 0644 'apparmor.d/usr.sbin.named'
maybe chmod 0755 'apt'
maybe chmod 0644 'apt/SALTSTACK-GPG-KEY.pub'
maybe chmod 0755 'apt/apt.conf.d'
maybe chmod 0644 'bash_completion.d/insserv'
maybe chmod 0644 'bash_completion.d/salt-common'
maybe chmod 0644 'bash_completion.d/tig'
+maybe chgrp 'bind' 'bind'
+maybe chmod 2755 'bind'
+maybe chmod 0644 'bind/bind.keys'
+maybe chmod 0644 'bind/db.0'
+maybe chmod 0644 'bind/db.127'
+maybe chmod 0644 'bind/db.255'
+maybe chmod 0644 'bind/db.empty'
+maybe chmod 0644 'bind/db.local'
+maybe chmod 0644 'bind/db.root'
+maybe chgrp 'bind' 'bind/named.conf'
+maybe chmod 0644 'bind/named.conf'
+maybe chgrp 'bind' 'bind/named.conf.default-zones'
+maybe chmod 0644 'bind/named.conf.default-zones'
+maybe chgrp 'bind' 'bind/named.conf.local'
+maybe chmod 0644 'bind/named.conf.local'
+maybe chgrp 'bind' 'bind/named.conf.options'
+maybe chmod 0644 'bind/named.conf.options'
+maybe chown 'bind' 'bind/rndc.key'
+maybe chgrp 'bind' 'bind/rndc.key'
+maybe chmod 0640 'bind/rndc.key'
+maybe chmod 0644 'bind/zones.rfc1918'
maybe chmod 0644 'bindresvport.blacklist'
maybe chmod 0755 'binfmt.d'
maybe chmod 0755 'ca-certificates'
maybe chmod 0644 'default/acpid'
maybe chmod 0644 'default/amavis-mc'
maybe chmod 0644 'default/amavisd-snmp-subagent'
+maybe chmod 0644 'default/bind9'
maybe chmod 0644 'default/bsdmainutils'
maybe chmod 0644 'default/chrony'
maybe chmod 0644 'default/console-setup'
maybe chmod 0755 'init.d/amavis-mc'
maybe chmod 0755 'init.d/amavisd-snmp-subagent'
maybe chmod 0755 'init.d/atd'
+maybe chmod 0755 'init.d/bind9'
maybe chmod 0755 'init.d/bootlogs'
maybe chmod 0755 'init.d/bootmisc.sh'
maybe chmod 0755 'init.d/checkfs.sh'
maybe chmod 0644 'nanorc'
maybe chmod 0755 'network'
maybe chmod 0755 'network/if-down.d'
+maybe chmod 0755 'network/if-down.d/bind9'
maybe chmod 0755 'network/if-down.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'network/if-down.d/postfix'
maybe chmod 0755 'network/if-down.d/upstart'
maybe chmod 0755 'network/if-post-down.d/chrony'
maybe chmod 0755 'network/if-pre-up.d'
maybe chmod 0755 'network/if-up.d'
+maybe chmod 0755 'network/if-up.d/bind9'
maybe chmod 0755 'network/if-up.d/chrony'
maybe chmod 0755 'network/if-up.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'network/if-up.d/mountnfs'
maybe chmod 0640 'postfix/sender_access.pcre'
maybe chmod 0755 'ppp'
maybe chmod 0755 'ppp/ip-down.d'
+maybe chmod 0755 'ppp/ip-down.d/bind9'
maybe chmod 0755 'ppp/ip-down.d/chrony'
maybe chmod 0755 'ppp/ip-down.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'ppp/ip-down.d/postfix'
maybe chmod 0755 'ppp/ip-up.d'
+maybe chmod 0755 'ppp/ip-up.d/bind9'
maybe chmod 0755 'ppp/ip-up.d/chrony'
maybe chmod 0755 'ppp/ip-up.d/clamav-freshclam-ifupdown'
maybe chmod 0755 'ppp/ip-up.d/postfix'
maybe chmod 0644 'udev/udev.conf'
maybe chmod 0755 'ufw'
maybe chmod 0755 'ufw/applications.d'
+maybe chmod 0644 'ufw/applications.d/bind9'
maybe chmod 0644 'ufw/applications.d/dovecot-imapd'
maybe chmod 0644 'ufw/applications.d/dovecot-pop3d'
maybe chmod 0644 'ufw/applications.d/nginx'
--- /dev/null
+# Site-specific additions and overrides for usr.sbin.named.
+# For more details, please see /etc/apparmor.d/local/README.
--- /dev/null
+# vim:syntax=apparmor
+# Last Modified: Fri Jun 1 16:43:22 2007
+#include <tunables/global>
+
+/usr/sbin/named {
+ #include <abstractions/base>
+ #include <abstractions/nameservice>
+
+ capability net_bind_service,
+ capability setgid,
+ capability setuid,
+ capability sys_chroot,
+ capability sys_resource,
+
+ # /etc/bind should be read-only for bind
+ # /var/lib/bind is for dynamically updated zone (and journal) files.
+ # /var/cache/bind is for slave/stub data, since we're not the origin of it.
+ # See /usr/share/doc/bind9/README.Debian.gz
+ /etc/bind/** r,
+ /var/lib/bind/** rw,
+ /var/lib/bind/ rw,
+ /var/cache/bind/** lrw,
+ /var/cache/bind/ rw,
+
+ # gssapi
+ /etc/krb5.keytab kr,
+ /etc/bind/krb5.keytab kr,
+
+ # ssl
+ /etc/ssl/openssl.cnf r,
+
+ # GeoIP data files for GeoIP ACLs
+ /usr/share/GeoIP/** r,
+
+ # dnscvsutil package
+ /var/lib/dnscvsutil/compiled/** rw,
+
+ @{PROC}/net/if_inet6 r,
+ @{PROC}/*/net/if_inet6 r,
+ @{PROC}/sys/net/ipv4/ip_local_port_range r,
+ /usr/sbin/named mr,
+ /{,var/}run/named/named.pid w,
+ /{,var/}run/named/session.key w,
+ # support for resolvconf
+ /{,var/}run/named/named.options r,
+
+ # some people like to put logs in /var/log/named/ instead of having
+ # syslog do the heavy lifting.
+ /var/log/named/** rw,
+ /var/log/named/ rw,
+
+ # gssapi
+ /var/lib/sss/pubconf/krb5.include.d/** r,
+ /var/lib/sss/pubconf/krb5.include.d/ r,
+ /var/lib/sss/mc/initgroups r,
+ /etc/gss/mech.d/ r,
+
+ # ldap
+ /etc/ldap/ldap.conf r,
+ /{,var/}run/slapd-*.socket rw,
+
+ # dynamic updates
+ /var/tmp/DNS_* rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include <local/usr.sbin.named>
+}
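Review bot: The profile grants named access for features that none of the named.conf files in this commit enable: the gssapi rules (`/etc/krb5.keytab kr,` and `/etc/bind/krb5.keytab kr,`), the ldap socket rule (`/{,var/}run/slapd-*.socket rw,`) and `/var/lib/dnscvsutil/compiled/** rw,`. Since this is the packaged profile, the place to narrow it is the still-empty `local/usr.sbin.named` added alongside it, where deny rules take precedence over these allows, for example `deny /etc/krb5.keytab rk,` and `deny /{,var/}run/slapd-*.socket rw,`. Whether the profile is loaded in enforce mode is not visible in this commit and is worth confirming on the host.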
--- /dev/null
+# The bind.keys file is used to override the built-in DNSSEC trust anchors
+# which are included as part of BIND 9. As of the current release, the only
+# trust anchors it contains are those for the DNS root zone ("."), and for
+# the ISC DNSSEC Lookaside Validation zone ("dlv.isc.org"). Trust anchors
+# for any other zones MUST be configured elsewhere; if they are configured
+# here, they will not be recognized or used by named.
+#
+# The built-in trust anchors are provided for convenience of configuration.
+# They are not activated within named.conf unless specifically switched on.
+# To use the built-in root key, set "dnssec-validation auto;" in
+# named.conf options. To use the built-in DLV key, set
+# "dnssec-lookaside auto;". Without these options being set,
+# the keys in this file are ignored.
+#
+# This file is NOT expected to be user-configured.
+#
+# These keys are current as of Feburary 2017. If any key fails to
+# initialize correctly, it may have expired. In that event you should
+# replace this file with a current version. The latest version of
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.
+
+managed-keys {
+ # ISC DLV: See https://www.isc.org/solutions/dlv for details.
+ #
+ # NOTE: The ISC DLV zone is being phased out as of February 2017;
+ # the key will remain in place but the zone will be otherwise empty.
+ # Configuring "dnssec-lookaside auto;" to activate this key is
+ # harmless, but is no longer useful and is not recommended.
+ dlv.isc.org. initial-key 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
+ brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
+ ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
+ Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
+ QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
+ TDN0YUuWrBNh";
+
+ # ROOT KEYS: See https://data.iana.org/root-anchors/root-anchors.xml
+ # for current trust anchor information.
+ #
+ # These keys are activated by setting "dnssec-validation auto;"
+ # in named.conf.
+ #
+ # This key (19036) is to be phased out starting in 2017. It will
+ # remain in the root zone for some time after its successor key
+ # has been added. It will remain this file until it is removed from
+ # the root zone.
+ . initial-key 257 3 8 "AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF
+ FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX
+ bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD
+ X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz
+ W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS
+ Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq
+ QxA+Uk1ihz0=";
+
+ # This key (20326) is to be published in the root zone in 2017.
+ # Servers which were already using the old key (19036) should
+ # roll seamlessly to this new one via RFC 5011 rollover. Servers
+ # being set up for the first time can use the contents of this
+ # file as initializing keys; thereafter, the keys in the
+ # managed key database will be trusted and maintained
+ # automatically.
+ . initial-key 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+ +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
+ ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
+ 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
+ oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
+ RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
+ R1AkUTV74bU=";
+};
--- /dev/null
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+;
+; BIND reverse data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+1.0.0 IN PTR localhost.
--- /dev/null
+;
+; BIND reverse data file for broadcast zone
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+; BIND reverse data file for empty rfc1918 zone
+;
+; DO NOT EDIT THIS FILE - it is used for multiple zones.
+; Instead, copy it, edit named.conf, and use that copy.
+;
+$TTL 86400
+@ IN SOA localhost. root.localhost. (
+ 1 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 86400 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
--- /dev/null
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA localhost. root.localhost. (
+ 2 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS localhost.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
--- /dev/null
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.cache
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: February 17, 2016
+; related version of root zone: 2016021701
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:84::b
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35
+; End of file
--- /dev/null
+// This is the primary configuration file for the BIND DNS server named.
+//
+// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
+// structure of BIND configuration files in Debian, *BEFORE* you customize
+// this configuration file.
+//
+// If you are just adding zones, please do that in /etc/bind/named.conf.local
+
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
+include "/etc/bind/named.conf.default-zones";
--- /dev/null
+// prime the server with knowledge of the root servers
+zone "." {
+ type hint;
+ file "/etc/bind/db.root";
+};
+
+// be authoritative for the localhost forward and reverse zones, and for
+// broadcast zones as per RFC 1912
+
+zone "localhost" {
+ type master;
+ file "/etc/bind/db.local";
+};
+
+zone "127.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.127";
+};
+
+zone "0.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.0";
+};
+
+zone "255.in-addr.arpa" {
+ type master;
+ file "/etc/bind/db.255";
+};
+
+
--- /dev/null
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
--- /dev/null
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ // forwarders {
+ // 0.0.0.0;
+ // };
+
+ //========================================================================
+ // If BIND logs error messages about the root key being expired,
+ // you will need to update your keys. See https://www.isc.org/bind-keys
+ //========================================================================
+ dnssec-validation auto;
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { any; };
+};
+
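Review bot: The options block sets `listen-on-v6 { any; };` and carries no `listen-on`, `allow-query` or `allow-recursion` statement, so who can reach and recurse through this server rests on BIND's built-in defaults plus the firewall. The server's intended role is not visible in this commit. If it is meant as a local caching resolver, stating that in the file makes the exposure reviewable: `listen-on { 127.0.0.1; };`, `listen-on-v6 { ::1; };` and `allow-recursion { localhost; };`. If it is to serve other hosts, an explicit `allow-recursion { localnets; localhost; };` documents the client set instead of leaving it implicit.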
--- /dev/null
+key "rndc-key" {
+ algorithm hmac-md5;
+ secret "QZWrR209/0Vzozjh+86Tww==";
+};
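Review bot: The `secret` line puts the live rndc control-channel key into version control in clear text. The `chown 'bind'` / `chmod 0640` entries recorded for `bind/rndc.key` protect the file on disk, but not the copy that every clone and backup of this repository now carries. Exclude `bind/rndc.key` from tracking with an ignore entry and regenerate the key on the host, because the committed value has to be treated as disclosed. `algorithm hmac-md5;` is also a legacy choice; when regenerating, use a SHA-2 HMAC such as `algorithm hmac-sha256;`.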
--- /dev/null
+zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
+
+zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
--- /dev/null
+# run resolvconf?
+RESOLVCONF=no
+
+# startup options for the server
+OPTIONS="-u bind"
opendkim:x:123:
_chrony:x:124:
nagios:x:125:
+bind:x:126:
wireshark:x:122:
opendkim:x:123:
_chrony:x:124:
+nagios:x:125:
opendkim:!::
_chrony:!::
nagios:!::
+bind:!::
wireshark:!::
opendkim:!::
_chrony:!::
+nagios:!::
--- /dev/null
+#!/bin/sh -e
+
+### BEGIN INIT INFO
+# Provides: bind9
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Should-Start: $network $syslog
+# Should-Stop: $network $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Start and stop bind9
+# Description: bind9 is a Domain Name Server (DNS)
+# which translates ip addresses to and from internet names
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+# for a chrooted server: "-u bind -t /var/lib/named"
+# Don't modify this line, change or create /etc/default/bind9.
+OPTIONS=""
+RESOLVCONF=no
+
+test -f /etc/default/bind9 && . /etc/default/bind9
+
+test -x /usr/sbin/rndc || exit 0
+
+. /lib/lsb/init-functions
+PIDFILE=/run/named/named.pid
+
+check_network() {
+ if [ -x /usr/bin/uname ] && [ "X$(/usr/bin/uname -o)" = XSolaris ]; then
+ IFCONFIG_OPTS="-au"
+ else
+ IFCONFIG_OPTS=""
+ fi
+ if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
+ #log_action_msg "No networks configured."
+ return 1
+ fi
+ return 0
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting domain name service..." "bind9"
+
+ modprobe capability >/dev/null 2>&1 || true
+
+ # dirs under /run can go away on reboots.
+ mkdir -p /run/named
+ chmod 775 /run/named
+ chown root:bind /run/named >/dev/null 2>&1 || true
+
+ if [ ! -x /usr/sbin/named ]; then
+ log_action_msg "named binary missing - not starting"
+ log_end_msg 1
+ fi
+
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ if start-stop-daemon --start --oknodo --quiet --exec /usr/sbin/named \
+ --pidfile ${PIDFILE} -- $OPTIONS; then
+ if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
+ echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.named
+ fi
+ log_end_msg 0
+ else
+ log_end_msg 1
+ fi
+ ;;
+
+ stop)
+ log_daemon_msg "Stopping domain name service..." "bind9"
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ if [ "X$RESOLVCONF" != "Xno" ] && [ -x /sbin/resolvconf ] ; then
+ /sbin/resolvconf -d lo.named
+ fi
+ pid=$(/usr/sbin/rndc stop -p | awk '/^pid:/ {print $2}') || true
+ if [ -z "$pid" ]; then # no pid found, so either not running, or error
+ pid=$(pgrep -f ^/usr/sbin/named) || true
+ start-stop-daemon --stop --oknodo --quiet --exec /usr/sbin/named \
+ --pidfile ${PIDFILE} -- $OPTIONS
+ fi
+ if [ -n "$pid" ]; then
+ sig=0
+ n=1
+ while kill -$sig $pid 2>/dev/null; do
+ if [ $n -eq 1 ]; then
+ echo "waiting for pid $pid to die"
+ fi
+ if [ $n -eq 11 ]; then
+ echo "giving up on pid $pid with kill -0; trying -9"
+ sig=9
+ fi
+ if [ $n -gt 20 ]; then
+ echo "giving up on pid $pid"
+ break
+ fi
+ n=$(($n+1))
+ sleep 1
+ done
+ fi
+ log_end_msg 0
+ ;;
+
+ reload|force-reload)
+ log_daemon_msg "Reloading domain name service..." "bind9"
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ log_end_msg 1
+ fi
+
+ /usr/sbin/rndc reload >/dev/null && log_end_msg 0 || log_end_msg 1
+ ;;
+
+ restart)
+ if ! check_network; then
+ log_action_msg "no networks configured"
+ exit 1
+ fi
+
+ $0 stop
+ $0 start
+ ;;
+
+ status)
+ ret=0
+ status_of_proc -p ${PIDFILE} /usr/sbin/named bind9 2>/dev/null || ret=$?
+ exit $ret
+ ;;
+
+ *)
+ log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload|status}"
+ exit 1
+ ;;
+esac
+
+exit 0
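Review bot: In the `stop)` branch the fallback `pid=$(pgrep -f ^/usr/sbin/named)` matches every process whose command line begins with that string, such as a second named instance or a helper like named-checkconf. The wait loop below it then escalates to `kill -9` on whatever was returned. Anchor the pattern to the daemon itself, `pid=$(pgrep -f '^/usr/sbin/named( |$)') || true`, or read the PID from `${PIDFILE}` so only the instance this script manages is signalled. `$pid` is also expanded unquoted in `kill -$sig $pid`, so a multi-line pgrep result signals several processes at once.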
--- /dev/null
+#!/bin/sh -e
+# Called when an interface disconnects
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
_apt:x:115:65534::/nonexistent:/bin/false
_chrony:x:116:124:Chrony daemon,,,:/var/lib/chrony:/bin/false
nagios:x:117:125::/var/lib/nagios:/bin/false
+bind:x:118:126::/var/cache/bind:/bin/false
opendkim:x:114:123::/var/run/opendkim:/bin/false
_apt:x:115:65534::/nonexistent:/bin/false
_chrony:x:116:124:Chrony daemon,,,:/var/lib/chrony:/bin/false
+nagios:x:117:125::/var/lib/nagios:/bin/false
+bind:x:118:126::/var/cache/bind:/bin/false
--- /dev/null
+#!/bin/sh -e
+# Called when an interface disconnects
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+#!/bin/sh -e
+# Called when a new interface comes up
+# Written by LaMont Jones <lamont@debian.org>
+
+# kick named as needed
+
+# If /usr isn't mounted yet, silently bail.
+if [ ! -d /usr/sbin ]; then
+ exit 0
+fi
+
+# if named is running, reconfig it.
+rndc reconfig >/dev/null 2>&1 &
+
+exit 0
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/hwclock.sh
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
+++ /dev/null
-../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/hwclock.sh
\ No newline at end of file
+++ /dev/null
-../init.d/networking
\ No newline at end of file
--- /dev/null
+../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/networking
\ No newline at end of file
+++ /dev/null
-../init.d/umountfs
\ No newline at end of file
--- /dev/null
+../init.d/umountfs
\ No newline at end of file
+++ /dev/null
-../init.d/umountroot
\ No newline at end of file
+++ /dev/null
-../init.d/halt
\ No newline at end of file
--- /dev/null
+../init.d/umountroot
\ No newline at end of file
--- /dev/null
+../init.d/halt
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/mysql
\ No newline at end of file
+++ /dev/null
-../init.d/nginx
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/fail2ban
\ No newline at end of file
--- /dev/null
+../init.d/mysql
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/mysql
\ No newline at end of file
+++ /dev/null
-../init.d/nginx
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/fail2ban
\ No newline at end of file
--- /dev/null
+../init.d/mysql
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/mysql
\ No newline at end of file
+++ /dev/null
-../init.d/nginx
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/fail2ban
\ No newline at end of file
--- /dev/null
+../init.d/mysql
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/chrony
\ No newline at end of file
+++ /dev/null
-../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/fail2ban
\ No newline at end of file
+++ /dev/null
-../init.d/mysql
\ No newline at end of file
+++ /dev/null
-../init.d/nginx
\ No newline at end of file
+++ /dev/null
-../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/chrony
\ No newline at end of file
--- /dev/null
+../init.d/cron
\ No newline at end of file
+++ /dev/null
-../init.d/dovecot
\ No newline at end of file
--- /dev/null
+../init.d/fail2ban
\ No newline at end of file
--- /dev/null
+../init.d/mysql
\ No newline at end of file
--- /dev/null
+../init.d/nginx
\ No newline at end of file
--- /dev/null
+../init.d/rsync
\ No newline at end of file
--- /dev/null
+../init.d/dovecot
\ No newline at end of file
+++ /dev/null
-../init.d/postfix
\ No newline at end of file
--- /dev/null
+../init.d/postfix
\ No newline at end of file
+++ /dev/null
-../init.d/rc.local
\ No newline at end of file
+++ /dev/null
-../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/rc.local
\ No newline at end of file
--- /dev/null
+../init.d/rmnologin
\ No newline at end of file
--- /dev/null
+../init.d/bind9
\ No newline at end of file
+++ /dev/null
-../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/rsyslog
\ No newline at end of file
--- /dev/null
+../init.d/sendsigs
\ No newline at end of file
+++ /dev/null
-../init.d/hwclock.sh
\ No newline at end of file
--- /dev/null
+../init.d/rsyslog
\ No newline at end of file
+++ /dev/null
-../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/hwclock.sh
\ No newline at end of file
+++ /dev/null
-../init.d/networking
\ No newline at end of file
--- /dev/null
+../init.d/umountnfs.sh
\ No newline at end of file
--- /dev/null
+../init.d/networking
\ No newline at end of file
+++ /dev/null
-../init.d/umountfs
\ No newline at end of file
--- /dev/null
+../init.d/umountfs
\ No newline at end of file
+++ /dev/null
-../init.d/umountroot
\ No newline at end of file
+++ /dev/null
-../init.d/reboot
\ No newline at end of file
--- /dev/null
+../init.d/umountroot
\ No newline at end of file
--- /dev/null
+../init.d/reboot
\ No newline at end of file
_apt:*:17366:0:99999:7:::
_chrony:*:17366:0:99999:7:::
nagios:!:17452:0:99999:7:::
+bind:*:17812:0:99999:7:::
_apt:*:17366:0:99999:7:::
_chrony:*:17366:0:99999:7:::
nagios:!:17452:0:99999:7:::
+bind:*:17812:0:99999:7:::
--- /dev/null
+/lib/systemd/system/bind9.service
\ No newline at end of file
--- /dev/null
+[Bind9]
+title=Internet Domain Name Server
+description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.
+ports=53
+